Beyond the Data Protection: The Real Scope of Event Security
29 Aug 2018 | RainFocus | 4 minutes
The phrase “data security” brings to mind images of the hackers in The Matrix or Mr. Robot. But the security of event technology and attendee data goes way beyond this stereotype.
Yes, you do want to protect your event from hackers, but we could all benefit from expanding our definition of “security” to include all aspects of ensuring that our technology is functioning safely.
Enterprise mobility and security (EMS) touches many aspects of a conference, seen and unseen. Consider the centrality of the following security areas in event planning and execution:
1. User Data Access and Protection
Protecting user data is a huge component of today’s security operations. While user data protection has long been a central element of event security, it has become especially important since the European Union’s General Data Protection Regulation (GDPR) went into effect this past May.
Over the past year, American companies have worked to make their platforms GDPR compliant for clients all over the world. In enterprise event management, this means including cookie-consent banners and checkboxes on registration forms so that attendees can have a choice in what data you collect and how their data can be used.
In the GDPR world we are now living in, clients are increasingly able to access and erase their data, changing the way that companies collect and interpret information. There are huge benefits to having rich data sets, but now there is also a high cost that comes with making this data more accessible.
2. Transaction and Data Security
Event registration often involves large sums of money, and for this reason, transaction security is of primary importance. The backbone of transaction security is encryption and tokenization.
Encryption in Transit
In moving towards a more secure web, Google has been strongly advocating HTTPS encryption and gradually marking a large subset of HTTP pages as “not secure”. This is a great thing! Every request should be encrypted to keep every login, form submission, and financial transaction secure.
Encryption at Rest
Every modern security audit asks about whether or not your system encrypts its data at rest. This is for good reason! Securing network access to your database is of extreme importance, but so is securing the actual data, backups, read-replicas, and snapshots.
Securely processing payments is also of paramount importance. Choose a payment processing service that is reputable, offers comprehensive transaction encryption, and is PCI compliant. The RainFocus platform, for example, partners with Braintree to process credit cards using tokenization and iframes (hosted fields integration) so the credit card numbers never pass through our platform!
Plain-text passwords are a no-go. Even encrypted passwords are a thing of the past. Today’s secure systems use one-way hashing with a random salt per password. With this mechanism, two identical passwords produce two different one-way hashes.
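As an added illustration (not code from the RainFocus post), the following shows salted one-way hashing in practice: the same password stored twice yields two different records, yet each record still verifies, because the salt is kept alongside the hash. The PBKDF2 parameters and record layout are assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters assumed for this example, not taken from the original post.
HASH_NAME = "sha256"
ITERATIONS = 600_000   # slow the hash down to blunt offline guessing
SALT_BYTES = 16        # 128-bit random salt, unique per stored password


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt hex>$<hash hex>.

    A fresh random salt is drawn for every call unless one is supplied
    (supplying a salt is only useful for tests; real stores never reuse one).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{HASH_NAME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    hash_name = algo.split("_", 1)[1]           # "pbkdf2_sha256" -> "sha256"
    candidate = hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def identical_passwords_get_distinct_records(password: str) -> bool:
    """Two users with the same password: different stored records, both verify."""
    first = hash_password(password)
    second = hash_password(password)
    return first != second and verify_password(password, first) and verify_password(password, second)


if __name__ == "__main__":
    print(identical_passwords_get_distinct_records("correct horse battery staple"))
```

Because the salt is random, an attacker who obtains the table cannot tell which accounts share a password, and a precomputed table built for one salt is useless against every other record.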
3. Secure Software Development Life Cycle
Software security is a moving target that can change with each and every deployment of code. Event management software development teams should employ a Secure SDLC to keep data-privacy and security concerns forefront in their minds.
Plan for Success!
As software features are designed for functionality and scalability, they should also be designed with security in mind.
Employee and Developer Training
All employees need to be trained on security, data privacy, and phishing. This is of particular importance for the person in the developer role. They should be trained in SQLi, XSS, CSRF, and the other OWASP Top 10 vulnerabilities. Security also ought to be an area of emphasis in each code review.
Application and Network Vulnerability Scanning
Training is one thing, but the proof is in the pudding! Hosted web applications should be scanned frequently for outdated TLS versions, open ports, information disclosures, and OWASP Top 10 vulnerabilities.
Defined Roles and Responsibilities
It takes a village to produce functional, scalable, and secure software. Functionally separating the roles of product, development, QA, and DevOps provides the stewardship and “checks and balances” to perform this amazing feat in a compliant way.
4. Backup Servers
If the Wi-Fi goes down at the event venue (and we all know it very well might), installing key operational software and infrastructure that is internet-independent will keep check-in and other key touchpoints running smoothly. RainFocus’ Saturn Servers are a great example of this. As backup infrastructure physically set up on-site, these servers let attendee check-in continue smoothly in the event that online access to the attendee database is no longer available.
RainFocus is a modern-day Software as a Service (SaaS) platform that is regularly updated to meet the demands of ever-shifting security threats and concerns. Security is a central part of our platform, which can help you ensure that your conference runs safely.